Skip to main content

Browse the archive

https://github.com/torvalds/linux
23 October 2021, 00:29:24 UTC
sort by:
Revision Author Date Message Commit Date
9e82bf0 Linus Torvalds 15 September 2014, 00:50:12 UTC Linux 3.17-rc5 15 September 2014, 00:50:12 UTC
83373f7 Linus Torvalds 15 September 2014, 00:37:36 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs fixes from Al Viro: "double iput() on failure exit in lustre, racy removal of spliced dentries from ->s_anon in __d_materialise_dentry() plus a bunch of assorted RCU pathwalk fixes" The RCU pathwalk fixes end up fixing a couple of cases where we incorrectly dropped out of RCU walking, due to incorrect initialization and testing of the sequence locks in some corner cases. Since dropping out of RCU walk mode forces the slow locked accesses, those corner cases slowed down quite dramatically. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: be careful with nd->inode in path_init() and follow_dotdot_rcu() don't bugger nd->seq on set_root_rcu() from follow_dotdot_rcu() fix bogus read_seqretry() checks introduced in b37199e move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) [fix] lustre: d_make_root() does iput() on dentry allocation failure 15 September 2014, 00:37:36 UTC
9226b5b Linus Torvalds 15 September 2014, 00:28:32 UTC vfs: avoid non-forwarding large load after small store in path lookup The performance regression that Josef Bacik reported in the pathname lookup (see commit 99d263d4c5b2 "vfs: fix bad hashing of dentries") made me look at performance stability of the dcache code, just to verify that the problem was actually fixed. That turned up a few other problems in this area. There are a few cases where we exit RCU lookup mode and go to the slow serializing case when we shouldn't, Al has fixed those and they'll come in with the next VFS pull. But my performance verification also shows that link_path_walk() turns out to have a very unfortunate 32-bit store of the length and hash of the name we look up, followed by a 64-bit read of the combined hash_len field. That screws up the processor store to load forwarding, causing an unnecessary hickup in this critical routine. It's caused by the ugly calling convention for the "hash_name()" function, and easily fixed by just making hash_name() fill in the whole 'struct qstr' rather than passing it a pointer to just the hash value. With that, the profile for this function looks much smoother. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 15 September 2014, 00:28:32 UTC
5910cfd Linus Torvalds 14 September 2014, 19:28:08 UTC Merge branch 'parisc-3.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: "The most important patch is a new Light Weigth Syscall (LWS) for 8, 16, 32 and 64 bit atomic CAS operations which is required in order to be able to implement the atomic gcc builtins on our platform. Other than that, we wire up the seccomp, getrandom and memfd_create syscalls, fixes a minor off-by-one bug and a wrong printk string" * 'parisc-3.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Implement new LWS CAS supporting 64 bit operations. parisc: Wire up seccomp, getrandom and memfd_create syscalls parisc: dino: fix %d confusingly prefixed with 0x in format string parisc: sys_hpux: NUL terminator is one past the end 14 September 2014, 19:28:08 UTC
4023bfc Al Viro 14 September 2014, 01:59:43 UTC be careful with nd->inode in path_init() and follow_dotdot_rcu() in the former we simply check if dentry is still valid after picking its ->d_inode; in the latter we fetch ->d_inode in the same places where we fetch dentry and its ->d_seq, under the same checks. Cc: stable@vger.kernel.org # 2.6.38+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 14 September 2014, 18:24:47 UTC
7bd8837 Al Viro 14 September 2014, 01:55:46 UTC don't bugger nd->seq on set_root_rcu() from follow_dotdot_rcu() return the value instead, and have path_init() do the assignment. Broken by "vfs: Fix absolute RCU path walk failures due to uninitialized seq number", which was Cc-stable with 2.6.38+ as destination. This one should go where it went. To avoid dummy value returned in case when root is already set (it would do no harm, actually, since the only caller that doesn't ignore the return value is guaranteed to have nd->root *not* set, but it's more obvious that way), lift the check into callers. And do the same to set_root(), to keep them in sync. Cc: stable@vger.kernel.org # 2.6.38+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 14 September 2014, 18:19:44 UTC
02c1be3 Linus Torvalds 14 September 2014, 17:54:12 UTC Merge tag 'ntb-3.17' of git://github.com/jonmason/ntb Pull ntb driver bugfixes from Jon Mason: "NTB driver fixes for queue spread and buffer alignment. Also, update to MAINTAINERS to reflect new e-mail address" * tag 'ntb-3.17' of git://github.com/jonmason/ntb: ntb: Add alignment check to meet hardware requirement MAINTAINERS: update NTB info NTB: correct the spread of queues over mw's 14 September 2014, 17:54:12 UTC
8ac19f0 Linus Torvalds 14 September 2014, 17:37:10 UTC Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull ARM irq chip fixes from Thomas Gleixner: "Another pile of ARM specific irq chip fixlets: - off by one bugs in the crossbar driver - missing annotations - a bunch of "make it compile" updates I pulled the lot today from Jason, but it has been in -next for at least a week" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip: gic-v3: Declare rdist as __percpu pointer to __iomem pointer irqchip: gic: Make gic_default_routable_irq_domain_ops static irqchip: exynos-combiner: Fix compilation error on ARM64 irqchip: crossbar: Off by one bugs in init irqchip: gic-v3: Tag all low level accessors __maybe_unused irqchip: gic-v3: Only define gic_peek_irq() when building SMP 14 September 2014, 17:37:10 UTC
938c04a Thomas Gleixner 14 September 2014, 13:19:19 UTC Merge tag 'irqchip-urgent-3.17' of git://git.infradead.org/users/jcooper/linux into irq/urgent irqchip fixes for v3.17 from Jason Cooper - GIC/GICV3: Various fixlets - crossbar: Fix off-by-one bug - exynos-combiner: Fix arm64 build error 14 September 2014, 13:20:54 UTC
3cc5ba1 Dave Jiang 28 August 2014, 20:53:02 UTC ntb: Add alignment check to meet hardware requirement The NTB translate register must have the value to be BAR size aligned. This alignment check make sure that the DMA memory allocated has the proper alignment. Another requirement for NTB to function properly with memory window BAR size greater or equal to 4M is to use the CMA feature in 3.16 kernel with the appropriate CONFIG_CMA_ALIGNMENT and CONFIG_CMA_SIZE_MBYTES set. Signed-off-by: Dave Jiang <dave.jiang@intel.com> Signed-off-by: Jon Mason <jdmason@kudzu.us> 14 September 2014, 04:10:38 UTC
9ef6bf6 Jon Mason 19 June 2014, 17:44:24 UTC MAINTAINERS: update NTB info Update my contact info to my personal email address and add Dave Jiang. Signed-off-by: Jon Mason <jon.mason@intel.com> Signed-off-by: Dave Jiang <dave.jiang@intel.com> 14 September 2014, 04:10:38 UTC
a1413cf Jon Mason 19 June 2014, 17:11:13 UTC NTB: correct the spread of queues over mw's The detection of an uneven number of queues on the given memory windows was not correct. The mw_num is zero based and the mod should be division to spread them evenly over the mw's. Signed-off-by: Jon Mason <jon.mason@intel.com> 14 September 2014, 04:10:38 UTC
f5be3e2 Al Viro 14 September 2014, 01:50:45 UTC fix bogus read_seqretry() checks introduced in b37199e read_seqretry() returns true on mismatch, not on match... Cc: stable@vger.kernel.org # 3.15+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 14 September 2014, 02:14:16 UTC
6f18493 Al Viro 11 September 2014, 22:55:50 UTC move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) and lock the right list there Cc: stable@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 14 September 2014, 02:14:03 UTC
f77ced6 Al Viro 03 September 2014, 17:11:09 UTC [fix] lustre: d_make_root() does iput() on dentry allocation failure double-free is a bad thing Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 14 September 2014, 02:13:39 UTC
1536340 Linus Torvalds 13 September 2014, 21:22:12 UTC Merge branches 'locking-urgent-for-linus' and 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull futex and timer fixes from Thomas Gleixner: "A oneliner bugfix for the jinxed futex code: - Drop hash bucket lock in the error exit path. I really could slap myself for intruducing that bug while fixing all the other horror in that code three month ago ... and the timer department is not too proud about the following fixes: - Deal with a long standing rounding bug in the timeval to jiffies conversion. It's a real issue and this fix fell through the cracks for quite some time. - Another round of alarmtimer fixes. Finally this code gets used more widely and the subtle issues hidden for quite some time are noticed and fixed. Nothing really exciting, just the itty bitty details which bite the serious users here and there" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: futex: Unlock hb->lock in futex_wait_requeue_pi() error path * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: alarmtimer: Lock k_itimer during timer callback alarmtimer: Do not signal SIGEV_NONE timers alarmtimer: Return relative times in timer_gettime jiffies: Fix timeval conversion to jiffies 13 September 2014, 21:22:12 UTC
8920649 Guy Martin 12 September 2014, 16:02:34 UTC parisc: Implement new LWS CAS supporting 64 bit operations. The current LWS cas only works correctly for 32bit. The new LWS allows for CAS operations of variable size. Signed-off-by: Guy Martin <gmsoft@tuxicoman.be> Cc: <stable@vger.kernel.org> # 3.13+ Signed-off-by: Helge Deller <deller@gmx.de> 13 September 2014, 20:40:48 UTC
99d263d Linus Torvalds 13 September 2014, 18:30:10 UTC vfs: fix bad hashing of dentries Josef Bacik found a performance regression between 3.2 and 3.10 and narrowed it down to commit bfcfaa77bdf0 ("vfs: use 'unsigned long' accesses for dcache name comparison and hashing"). He reports: "The test case is essentially for (i = 0; i < 1000000; i++) mkdir("a$i"); On xfs on a fio card this goes at about 20k dir/sec with 3.2, and 12k dir/sec with 3.10. This is because we spend waaaaay more time in __d_lookup on 3.10 than in 3.2. The new hashing function for strings is suboptimal for < sizeof(unsigned long) string names (and hell even > sizeof(unsigned long) string names that I've tested). I broke out the old hashing function and the new one into a userspace helper to get real numbers and this is what I'm getting: Old hash table had 1000000 entries, 0 dupes, 0 max dupes New hash table had 12628 entries, 987372 dupes, 900 max dupes We had 11400 buckets with a p50 of 30 dupes, p90 of 240 dupes, p99 of 567 dupes for the new hash My test does the hash, and then does the d_hash into a integer pointer array the same size as the dentry hash table on my system, and then just increments the value at the address we got to see how many entries we overlap with. As you can see the old hash function ended up with all 1 million entries in their own bucket, whereas the new one they are only distributed among ~12.5k buckets, which is why we're using so much more CPU in __d_lookup". The reason for this hash regression is two-fold: - On 64-bit architectures the down-mixing of the original 64-bit word-at-a-time hash into the final 32-bit hash value is very simplistic and suboptimal, and just adds the two 32-bit parts together. In particular, because there is no bit shuffling and the mixing boundary is also a byte boundary, similar character patterns in the low and high word easily end up just canceling each other out. - the old byte-at-a-time hash mixed each byte into the final hash as it hashed the path component name, resulting in the low bits of the hash generally being a good source of hash data. That is not true for the word-at-a-time case, and the hash data is distributed among all the bits. The fix is the same in both cases: do a better job of mixing the bits up and using as much of the hash data as possible. We already have the "hash_32|64()" functions to do that. Reported-by: Josef Bacik <jbacik@fb.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@infradead.org> Cc: Chris Mason <clm@fb.com> Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 13 September 2014, 18:30:10 UTC
23d0db7 Linus Torvalds 13 September 2014, 18:24:03 UTC Make hash_64() use a 64-bit multiply when appropriate The hash_64() function historically does the multiply by the GOLDEN_RATIO_PRIME_64 number with explicit shifts and adds, because unlike the 32-bit case, gcc seems unable to turn the constant multiply into the more appropriate shift and adds when required. However, that means that we generate those shifts and adds even when the architecture has a fast multiplier, and could just do it better in hardware. Use the now-cleaned-up CONFIG_ARCH_HAS_FAST_MULTIPLIER (together with "is it a 64-bit architecture") to decide whether to use an integer multiply or the explicit sequence of shift/add instructions. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 13 September 2014, 18:24:03 UTC
72d9310 Linus Torvalds 13 September 2014, 18:14:53 UTC Make ARCH_HAS_FAST_MULTIPLIER a real config variable It used to be an ad-hoc hack defined by the x86 version of <asm/bitops.h> that enabled a couple of library routines to know whether an integer multiply is faster than repeated shifts and additions. This just makes it use the real Kconfig system instead, and makes x86 (which was the only architecture that did this) select the option. NOTE! Even for x86, this really is kind of wrong. If we cared, we would probably not enable this for builds optimized for netburst (P4), where shifts-and-adds are generally faster than multiplies. This patch does *not* change that kind of logic, though, it is purely a syntactic change with no code changes. This was triggered by the fact that we have other places that really want to know "do I want to expand multiples by constants by hand or not", particularly the hash generation code. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 13 September 2014, 18:14:53 UTC
186cec3 Linus Torvalds 13 September 2014, 17:04:10 UTC Merge tag 'dm-3.17-fix2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fix from Mike Snitzer: "Fix a race in the DM cache target that caused dirty blocks to be marked as clean. This could cause no writeback to occur or spurious dirty block counts" * tag 'dm-3.17-fix2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm cache: fix race causing dirty blocks to be marked as clean 13 September 2014, 17:04:10 UTC
645cc09 Linus Torvalds 13 September 2014, 16:39:55 UTC Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "A small collection of fixes for the current rc series. This contains: - Two small blk-mq patches from Rob Elliott, cleaning up error case at init time. - A fix from Ming Lei, fixing SG merging for blk-mq where QUEUE_FLAG_SG_NO_MERGE is the default. - A dev_t minor lifetime fix from Keith, fixing an issue where a minor might be reused before all references to it were gone. - Fix from Alan Stern where an unbalanced queue bypass caused SCSI some headaches when it does a series of add/del on devices without fully registrering the queue. - A fix from me for improving the scaling of tag depth in blk-mq if we are short on memory" * 'for-linus' of git://git.kernel.dk/linux-block: blk-mq: scale depth and rq map appropriate if low on memory Block: fix unbalanced bypass-disable in blk_register_queue block: Fix dev_t minor allocation lifetime blk-mq: cleanup after blk_mq_init_rq_map failures blk-mq: pass along blk_mq_alloc_tag_set return values blk-merge: fix blk_recount_segments 13 September 2014, 16:39:55 UTC
fc486b0 Linus Torvalds 13 September 2014, 00:45:27 UTC Merge tag 'stable/for-linus-3.17-b-rc4-arm-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull Xen ARM bugfix from Stefano Stabellini: "The patches fix the "xen_add_mach_to_phys_entry: cannot add" bug that has been affecting xen on arm and arm64 guests since 3.16. They require a few hypervisor side changes that just went in xen-unstable. A couple of days ago David sent out a pull request with a few other Xen fixes (it is already in master). Sorry we didn't synchronized better among us" * tag 'stable/for-linus-3.17-b-rc4-arm-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/arm: remove mach_to_phys rbtree xen/arm: reimplement xen_dma_unmap_page & friends xen/arm: introduce XENFEAT_grant_map_identity 13 September 2014, 00:45:27 UTC
474e941 Richard Larocque 10 September 2014, 01:31:05 UTC alarmtimer: Lock k_itimer during timer callback Locks the k_itimer's it_lock member when handling the alarm timer's expiry callback. The regular posix timers defined in posix-timers.c have this lock held during timout processing because their callbacks are routed through posix_timer_fn(). The alarm timers follow a different path, so they ought to grab the lock somewhere else. Cc: stable@vger.kernel.org Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: Richard Cochran <richardcochran@gmail.com> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Sharvil Nanavati <sharvil@google.com> Signed-off-by: Richard Larocque <rlarocque@google.com> Signed-off-by: John Stultz <john.stultz@linaro.org> 12 September 2014, 20:59:12 UTC
265b81d Richard Larocque 10 September 2014, 01:31:04 UTC alarmtimer: Do not signal SIGEV_NONE timers Avoids sending a signal to alarm timers created with sigev_notify set to SIGEV_NONE by checking for that special case in the timeout callback. The regular posix timers avoid sending signals to SIGEV_NONE timers by not scheduling any callbacks for them in the first place. Although it would be possible to do something similar for alarm timers, it's simpler to handle this as a special case in the timeout. Prior to this patch, the alarm timer would ignore the sigev_notify value and try to deliver signals to the process anyway. Even worse, the sanity check for the value of sigev_signo is skipped when SIGEV_NONE was specified, so the signal number could be bogus. If sigev_signo was an unitialized value (as it often would be if SIGEV_NONE is used), then it's hard to predict which signal will be sent. Cc: stable@vger.kernel.org Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: Richard Cochran <richardcochran@gmail.com> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Sharvil Nanavati <sharvil@google.com> Signed-off-by: Richard Larocque <rlarocque@google.com> Signed-off-by: John Stultz <john.stultz@linaro.org> 12 September 2014, 20:59:12 UTC
e86fea7 Richard Larocque 10 September 2014, 01:31:03 UTC alarmtimer: Return relative times in timer_gettime Returns the time remaining for an alarm timer, rather than the time at which it is scheduled to expire. If the timer has already expired or it is not currently scheduled, the it_value's members are set to zero. This new behavior matches that of the other posix-timers and the POSIX specifications. This is a change in user-visible behavior, and may break existing applications. Hopefully, few users rely on the old incorrect behavior. Cc: stable@vger.kernel.org Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: Richard Cochran <richardcochran@gmail.com> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Sharvil Nanavati <sharvil@google.com> Signed-off-by: Richard Larocque <rlarocque@google.com> [jstultz: minor style tweak] Signed-off-by: John Stultz <john.stultz@linaro.org> 12 September 2014, 20:59:11 UTC
d78c930 Andrew Hunter 04 September 2014, 21:17:16 UTC jiffies: Fix timeval conversion to jiffies timeval_to_jiffies tried to round a timeval up to an integral number of jiffies, but the logic for doing so was incorrect: intervals corresponding to exactly N jiffies would become N+1. This manifested itself particularly repeatedly stopping/starting an itimer: setitimer(ITIMER_PROF, &val, NULL); setitimer(ITIMER_PROF, NULL, &val); would add a full tick to val, _even if it was exactly representable in terms of jiffies_ (say, the result of a previous rounding.) Doing this repeatedly would cause unbounded growth in val. So fix the math. Here's what was wrong with the conversion: we essentially computed (eliding seconds) jiffies = usec * (NSEC_PER_USEC/TICK_NSEC) by using scaling arithmetic, which took the best approximation of NSEC_PER_USEC/TICK_NSEC with denominator of 2^USEC_JIFFIE_SC = x/(2^USEC_JIFFIE_SC), and computed: jiffies = (usec * x) >> USEC_JIFFIE_SC and rounded this calculation up in the intermediate form (since we can't necessarily exactly represent TICK_NSEC in usec.) But the scaling arithmetic is a (very slight) *over*approximation of the true value; that is, instead of dividing by (1 usec/ 1 jiffie), we effectively divided by (1 usec/1 jiffie)-epsilon (rounding down). This would normally be fine, but we want to round timeouts up, and we did so by adding 2^USEC_JIFFIE_SC - 1 before the shift; this would be fine if our division was exact, but dividing this by the slightly smaller factor was equivalent to adding just _over_ 1 to the final result (instead of just _under_ 1, as desired.) In particular, with HZ=1000, we consistently computed that 10000 usec was 11 jiffies; the same was true for any exact multiple of TICK_NSEC. We could possibly still round in the intermediate form, adding something less than 2^USEC_JIFFIE_SC - 1, but easier still is to convert usec->nsec, round in nanoseconds, and then convert using time*spec*_to_jiffies. This adds one constant multiplication, and is not observably slower in microbenchmarks on recent x86 hardware. Tested: the following program: int main() { struct itimerval zero = {{0, 0}, {0, 0}}; /* Initially set to 10 ms. */ struct itimerval initial = zero; initial.it_interval.tv_usec = 10000; setitimer(ITIMER_PROF, &initial, NULL); /* Save and restore several times. */ for (size_t i = 0; i < 10; ++i) { struct itimerval prev; setitimer(ITIMER_PROF, &zero, &prev); /* on old kernels, this goes up by TICK_USEC every iteration */ printf("previous value: %ld %ld %ld %ld\n", prev.it_interval.tv_sec, prev.it_interval.tv_usec, prev.it_value.tv_sec, prev.it_value.tv_usec); setitimer(ITIMER_PROF, &prev, NULL); } return 0; } Cc: stable@vger.kernel.org Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: Paul Turner <pjt@google.com> Cc: Richard Cochran <richardcochran@gmail.com> Cc: Prarit Bhargava <prarit@redhat.com> Reviewed-by: Paul Turner <pjt@google.com> Reported-by: Aaron Jacobs <jacobsa@google.com> Signed-off-by: Andrew Hunter <ahh@google.com> [jstultz: Tweaked to apply to 3.17-rc] Signed-off-by: John Stultz <john.stultz@linaro.org> 12 September 2014, 20:59:03 UTC
13c42c2 Thomas Gleixner 11 September 2014, 21:44:35 UTC futex: Unlock hb->lock in futex_wait_requeue_pi() error path futex_wait_requeue_pi() calls futex_wait_setup(). If futex_wait_setup() succeeds it returns with hb->lock held and preemption disabled. Now the sanity check after this does: if (match_futex(&q.key, &key2)) { ret = -EINVAL; goto out_put_keys; } which releases the keys but does not release hb->lock. So we happily return to user space with hb->lock held and therefor preemption disabled. Unlock hb->lock before taking the exit route. Reported-by: Dave "Trinity" Jones <davej@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Darren Hart <dvhart@linux.intel.com> Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1409112318500.4178@nanos Signed-off-by: Thomas Gleixner <tglx@linutronix.de> 12 September 2014, 20:04:36 UTC
471cff7 Linus Torvalds 12 September 2014, 19:00:49 UTC Merge tag 'char-misc-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fix from Greg KH: "Here is one misc driver fix for 3.17-rc5. It resolves a kernel oops that can happen in the lattice FPGA driver if the firmware isn't present on the system. It's been in the linux-next tree for a while now" * tag 'char-misc-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: Lattice ECP3 FPGA: Check firmware pointer 12 September 2014, 19:00:49 UTC
a6988b3 Linus Torvalds 12 September 2014, 19:00:18 UTC Merge tag 'staging-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fixes from Greg KH: "Here are 3 tiny staging driver fixes for 3.17-rc5. Two are fixes for the imx-drm driver, resolving issues that have been reported. The other is a memory leak fix for the Android sync driver, due to changes that went into 3.17-rc1. All have been in linux-next for a while" * tag 'staging-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: android: fix reference leak in sync_fence_create imx-drm: imx-ldb: fix NULL pointer in imx_ldb_unbind() imx-drm: ipuv3-plane: fix ipu_plane_dpms() 12 September 2014, 19:00:18 UTC
09db9d6 Linus Torvalds 12 September 2014, 18:59:48 UTC Merge tag 'tty-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are 3 patches for 3.17-rc5. Two serial driver fixes that resolve some reported issues, and one new device id. All have been in linux-next just fine" * tag 'tty-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: xuartps: Fix tx_emtpy() callback tty/serial: at91: BUG: disable interrupts when !UART_ENABLE_MS() serial: 8250_dw: Add ACPI ID for Intel Braswell 12 September 2014, 18:59:48 UTC
90a3c48 Linus Torvalds 12 September 2014, 18:59:10 UTC Merge tag 'usb-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some USB and PHY fixes for 3.17-rc5. Nothing major here, just a number of tiny fixes for reported issues, and some new device ids as well. All have been tested in linux-next" * tag 'usb-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (46 commits) xhci: fix oops when xhci resumes from hibernate with hw lpm capable devices usb: xhci: Fix OOPS in xhci error handling code xhci: Fix null pointer dereference if xhci initialization fails storage: Add single-LUN quirk for Jaz USB Adapter uas: Add missing le16_to_cpu calls to asm1051 / asm1053 usb-id check usb: chipidea: msm: Initialize PHY on reset event usb: chipidea: msm: Use USB PHY API to control PHY state usb: hub: take hub->hdev reference when processing from eventlist uas: Disable uas on ASM1051 devices usb: dwc2/gadget: avoid disabling ep0 usb: dwc2/gadget: delay enabling irq once hardware is configured properly usb: dwc2/gadget: do not call disconnect method in pullup usb: dwc2/gadget: break infinite loop in endpoint disable code usb: dwc2/gadget: fix phy initialization sequence usb: dwc2/gadget: fix phy disable sequence uwb: init beacon cache entry before registering uwb device USB: ftdi_sio: Add support for GE Healthcare Nemo Tracker device USB: document the 'u' flag for usb-storage quirks parameter usb: host: xhci: fix compliance mode workaround usb: dwc3: fix TRB completion when multiple TRBs are started ... 12 September 2014, 18:59:10 UTC
602b536 Linus Torvalds 12 September 2014, 18:54:54 UTC Merge tag 'nfs-for-3.17-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client fixes from Trond Myklebust: "Highlights: - fix a kernel warning when removing /proc/net/nfsfs - revert commit 49a4bda22e18 due to Oopses - fix a typo in the pNFS file layout commit code" * tag 'nfs-for-3.17-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: pnfs: fix filelayout_retry_commit when idx > 0 nfs: revert "nfs4: queue free_lock_state job submission to nfsiod" nfs: fix kernel warning when removing proc entry 12 September 2014, 18:54:54 UTC
7ed641b Linus Torvalds 12 September 2014, 18:53:30 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "Filipe is doing a careful pass through fsync problems, and these are the fixes so far. I'll have one more for rc6 that we're still testing. My big commit is fixing up some inode hash races that Al Viro found (thanks Al)" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: use insert_inode_locked4 for inode creation Btrfs: fix fsync data loss after a ranged fsync Btrfs: kfree()ing ERR_PTRs Btrfs: fix crash while doing a ranged fsync Btrfs: fix corruption after write/fsync failure + fsync + log recovery Btrfs: fix autodefrag with compression 12 September 2014, 18:53:30 UTC
9925cc1 Linus Torvalds 12 September 2014, 16:53:47 UTC Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "Just a couple of stragglers here: - fix an issue migrating interrupts on CPU hotplug - fix a potential information leak of TLS registers across an exec (Nathan has sent a corresponding patch for arch/arm/ to rmk)" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: flush TLS registers during exec arm64: use irq_set_affinity with force=false when migrating irqs 12 September 2014, 16:53:47 UTC
753a6cb Linus Torvalds 12 September 2014, 16:26:49 UTC Merge tag 'iommu-fixes-v3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull iommu fixes from Joerg Roedel: - two fixes for issues found by Coverity - various fixes for the ARM SMMU driver - a warning fix for the FSL PAMU driver * tag 'iommu-fixes-v3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/fsl: Fix warning resulting from adding PCI device twice iommu/arm-smmu: fix corner cases in address size calculations iommu/arm-smmu: fix decimal printf format specifiers prefixed with 0x iommu/arm-smmu: Do not access non-existing S2CR registers iommu/arm-smmu: fix s2cr and smr teardown on device detach from domain iommu/arm-smmu: remove pgtable_page_{c,d}tor() iommu/arm-smmu: fix programming of SMMU_CBn_TCR for stage 1 iommu/arm-smmu: avoid calling request_irq in atomic context iommu/vt-d: Check return value of acpi_bus_get_device() iommu/core: Make iommu_group_get_for_dev() more robust 12 September 2014, 16:26:49 UTC
96ea975 Linus Torvalds 12 September 2014, 16:24:46 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull assoc array garbage collection fix from James Morris. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: KEYS: Fix termination condition in assoc array garbage collection 12 September 2014, 16:24:46 UTC
5874cfe Linus Torvalds 12 September 2014, 16:11:37 UTC Merge tag 'fbdev-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux Pull fbdev fixes from Tomi Valkeinen: "Minor fixes for amba-clcd and video DT bindings" * tag 'fbdev-fixes-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: video: ARM CLCD: Fix color model capabilities for DT platforms video: fix composite video connector compatible string 12 September 2014, 16:11:37 UTC
850ebc0 Linus Torvalds 12 September 2014, 15:27:40 UTC Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "AST, i915, radeon and msm fixes, all over the place. All fixing build issues, regressions, oopses or failure to detect cards" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/ast: AST2000 cannot be detected correctly drm/ast: open key before detect chips drm/msm: don't crash if no msm.vram param drm/msm/hdmi: fix build break on non-CCF platforms drm/msm: Change nested function to static function drm/radeon/dpm: set the thermal type properly for special configs drm/radeon: reduce memory footprint for debugging drm/radeon: add connector quirk for fujitsu board drm/radeon: fix semaphore value init drm/radeon: only use me/pfp sync on evergreen+ drm/i915: Wait for vblank before enabling the TV encoder drm/i915: Evict CS TLBs between batches drm/i915: Fix irq enable tracking in driver load drm/i915: Fix EIO/wedged handling in gem fault handler drm/i915: Prevent recursive deadlock on releasing a busy userptr 12 September 2014, 15:27:40 UTC
95389b0 David Howells 10 September 2014, 21:22:00 UTC KEYS: Fix termination condition in assoc array garbage collection This fixes CVE-2014-3631. It is possible for an associative array to end up with a shortcut node at the root of the tree if there are more than fan-out leaves in the tree, but they all crowd into the same slot in the lowest level (ie. they all have the same first nibble of their index keys). When assoc_array_gc() returns back up the tree after scanning some leaves, it can fall off of the root and crash because it assumes that the back pointer from a shortcut (after label ascend_old_tree) must point to a normal node - which isn't true of a shortcut node at the root. Should we find we're ascending rootwards over a shortcut, we should check to see if the backpointer is zero - and if it is, we have completed the scan. This particular bug cannot occur if the root node is not a shortcut - ie. if you have fewer than 17 keys in a keyring or if you have at least two keys that sit into separate slots (eg. a keyring and a non keyring). This can be reproduced by: ring=`keyctl newring bar @s` for ((i=1; i<=18; i++)); do last_key=`keyctl newring foo$i $ring`; done keyctl timeout $last_key 2 Doing this: echo 3 >/proc/sys/kernel/keys/gc_delay first will speed things up. If we do fall off of the top of the tree, we get the following oops: BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 IP: [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540 PGD dae15067 PUD cfc24067 PMD 0 Oops: 0000 [#1] SMP Modules linked in: xt_nat xt_mark nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_ni CPU: 0 PID: 26011 Comm: kworker/0:1 Not tainted 3.14.9-200.fc20.x86_64 #1 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Workqueue: events key_garbage_collector task: ffff8800918bd580 ti: ffff8800aac14000 task.ti: ffff8800aac14000 RIP: 0010:[<ffffffff8136cea7>] [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540 RSP: 0018:ffff8800aac15d40 EFLAGS: 00010206 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8800aaecacc0 RDX: ffff8800daecf440 RSI: 0000000000000001 RDI: ffff8800aadc2bc0 RBP: ffff8800aac15da8 R08: 0000000000000001 R09: 0000000000000003 R10: ffffffff8136ccc7 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000070 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff88011fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000018 CR3: 00000000db10d000 CR4: 00000000000006f0 Stack: ffff8800aac15d50 0000000000000011 ffff8800aac15db8 ffffffff812e2a70 ffff880091a00600 0000000000000000 ffff8800aadc2bc3 00000000cd42c987 ffff88003702df20 ffff88003702dfa0 0000000053b65c09 ffff8800aac15fd8 Call Trace: [<ffffffff812e2a70>] ? keyring_detect_cycle_iterator+0x30/0x30 [<ffffffff812e3e75>] keyring_gc+0x75/0x80 [<ffffffff812e1424>] key_garbage_collector+0x154/0x3c0 [<ffffffff810a67b6>] process_one_work+0x176/0x430 [<ffffffff810a744b>] worker_thread+0x11b/0x3a0 [<ffffffff810a7330>] ? rescuer_thread+0x3b0/0x3b0 [<ffffffff810ae1a8>] kthread+0xd8/0xf0 [<ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40 [<ffffffff816ffb7c>] ret_from_fork+0x7c/0xb0 [<ffffffff810ae0d0>] ? insert_kthread_work+0x40/0x40 Code: 08 4c 8b 22 0f 84 bf 00 00 00 41 83 c7 01 49 83 e4 fc 41 83 ff 0f 4c 89 65 c0 0f 8f 5a fe ff ff 48 8b 45 c0 4d 63 cf 49 83 c1 02 <4e> 8b 34 c8 4d 85 f6 0f 84 be 00 00 00 41 f6 c6 01 0f 84 92 RIP [<ffffffff8136cea7>] assoc_array_gc+0x2f7/0x540 RSP <ffff8800aac15d40> CR2: 0000000000000018 ---[ end trace 1129028a088c0cbd ]--- Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Don Zickus <dzickus@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com> 12 September 2014, 12:34:31 UTC
e4cf39e Pawel Moll 10 September 2014, 14:15:53 UTC video: ARM CLCD: Fix color model capabilities for DT platforms The DT-based panel capabilities selection was picking up a subset of available modes based on hardware configuration. This was wrong, as the capabilities describe available memory models and adapt the display controller to them that the RGB output is wired up correctly (as in: R and B components are not swapped). This patch fixes it by removing the unnecessary limitation. Signed-off-by: Pawel Moll <pawel.moll@arm.com> Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> 12 September 2014, 08:45:10 UTC
83502a5 Y.C. Chen 10 September 2014, 04:07:54 UTC drm/ast: AST2000 cannot be detected correctly Type error and cause AST2000 cannot be detected correctly Signed-off-by: Y.C. Chen <yc_chen@aspeedtech.com> Reviewed-by: Egbert Eich <eich@suse.de> Cc: stable@vger.kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com> 12 September 2014, 03:41:39 UTC
8f372e2 Y.C. Chen 10 September 2014, 04:07:53 UTC drm/ast: open key before detect chips Some config settings like 3rd TX chips will not get correctly if the extended reg is protected Signed-off-by: Y.C. Chen <yc_chen@aspeedtech.com> Reviewed-by: Egbert Eich <eich@suse.de> Cc: stable@vger.kernel.org Signed-off-by: Dave Airlie <airlied@redhat.com> 12 September 2014, 03:41:27 UTC
c73f6fd Linus Torvalds 12 September 2014, 01:03:21 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client Pull Ceph fixes from Sage Weil: "The main thing here is a set of three patches that fix a buffer overrun for large authentication tickets (sigh). There is also a trivial warning fix and an error path fix that are both regressions" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: libceph: do not hard code max auth ticket len libceph: add process_one_ticket() helper libceph: gracefully handle large reply messages from the mon rbd: fix error return code in rbd_dev_device_setup() rbd: avoid format-security warning inside alloc_workqueue() 12 September 2014, 01:03:21 UTC
7ee2d2d Linus Torvalds 11 September 2014, 23:52:29 UTC Merge tag 'stable/for-linus-3.17-b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull Xen bug fixes from David Vrabel: - fix for PVHVM suspend/resume and migration - don't pointlessly retry certain ballooning ops - fix gntalloc when grefs have run out. - fix PV boot if KSALR is enable or very large modules are used. * tag 'stable/for-linus-3.17-b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: x86/xen: don't copy bogus duplicate entries into kernel page tables xen/gntalloc: safely delete grefs in add_grefs() undo path xen/gntalloc: fix oops after runnning out of grant refs xen/balloon: cancel ballooning if adding new memory failed xen/manage: Always freeze/thaw processes when suspend/resuming 11 September 2014, 23:52:29 UTC
018cace Linus Torvalds 11 September 2014, 23:49:56 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux Pull powerpc fixes from Michael Ellerman: "Ben's travelling so this is my first attempt at a pull request. There's nothing too exciting. The CONFIG_FHANDLE one is annoying, I know you love defconfig changes. But we've had a couple of developers waste time debugging boxes that wouldn't boot, only to realise it's just that systemd needs CONFIG_FHANDLE and our defconfigs don't have it. The new syscalls seem to be working, I've run the selftests that exist, and also let trinity bash on them for a while" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux: powerpc: Wire up sys_seccomp(), sys_getrandom() and sys_memfd_create() powerpc: Make CONFIG_FHANDLE=y for all 64 bit powerpc defconfigs powerpc: use machine_subsys_initcall() for opal_hmi_handler_init() powerpc/perf: Fix ABIv2 kernel backtraces powerpc/pseries: Fix endian issues in memory hotplug 11 September 2014, 23:49:56 UTC
e2c6098 Greg Kroah-Hartman 11 September 2014, 22:08:14 UTC Merge tag 'fixes-for-v3.17-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v3.17-rc4 Some late fixes for dwc3 so we have something more stable on v3.17-final. Most bugs have been there for quite a while and nobody noticed, except for TRB completion when multiple TRBs are started. Patches were tested on AM437x SK and J6 EVM and are passing my tests. Signed-of-by: Felipe Balbi <balbi@ti.com> 11 September 2014, 22:08:14 UTC
9604469 Mathias Nyman 11 September 2014, 10:55:50 UTC xhci: fix oops when xhci resumes from hibernate with hw lpm capable devices Resuming from hibernate (S4) will restart and re-initialize xHC. The device contexts are freed and will be re-allocated later during device reset. Usb core will disable link pm in device resume before device reset, which will try to change the max exit latency, accessing the device contexts before they are re-allocated. There is no need to zero (disable) the max exit latency when disabling hw lpm for a freshly re-initialized xHC. So check that device context exists before doing anything. The max exit latency will be set again after device reset when usb core enables the link pm. Reported-by: Imre Deak <imre.deak@intel.com> Tested-by: Imre Deak <imre.deak@intel.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 11 September 2014, 21:23:52 UTC
0eda06c Al Cooper 11 September 2014, 10:55:49 UTC usb: xhci: Fix OOPS in xhci error handling code The xhci driver will OOPS on resume from S2/S3 if dma_alloc_coherent() is out of memory. This is a result of two things: 1. xhci_mem_cleanup() in xhci-mem.c free's xhci->lpm_command if it's not NULL, but doesn't set it to NULL after the free. 2. xhci_mem_cleanup() is called twice on resume, once for normal restart and once from xhci_mem_init() if dma_alloc_coherent() fails, resulting in a free of xhci->lpm_command that has already been freed. The fix is to set xhci->lpm_command to NULL after freeing it. Signed-off-by: Al Cooper <alcooperx@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 11 September 2014, 21:23:52 UTC
c207e7c Mathias Nyman 11 September 2014, 10:55:48 UTC xhci: Fix null pointer dereference if xhci initialization fails If xhci initialization fails before the roothub bandwidth domains (xhci->rh_bw[i]) are allocated it will oops when trying to access rh_bw members in xhci_mem_cleanup(). Reported-by: Manuel Reimer <manuel.reimer@gmx.de> Cc: stable <stable@vger.kernel.org> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 11 September 2014, 21:23:52 UTC
c66f1c6 Mark 11 September 2014, 12:15:45 UTC storage: Add single-LUN quirk for Jaz USB Adapter The Iomega Jaz USB Adapter is a SCSI-USB converter cable. The hardware seems to be identical to e.g. the Microtech XpressSCSI, using a Shuttle/ SCM chip set. However its firmware restricts it to only work with Jaz drives. On connecting the cable a message like this appears four times in the log: reset full speed USB device number 4 using uhci_hcd That's non-fatal but the US_FL_SINGLE_LUN quirk fixes it. Signed-off-by: Mark Knibbs <markk@clara.co.uk> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 11 September 2014, 21:22:25 UTC
a79e5bc Hans de Goede 11 September 2014, 09:06:12 UTC uas: Add missing le16_to_cpu calls to asm1051 / asm1053 usb-id check Reported-by: kbuild test robot <fengguang.wu@intel.com> Cc: stable@vger.kernel.org # 3.16 Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 11 September 2014, 21:21:43 UTC
8381e57 Linus Torvalds 11 September 2014, 19:51:10 UTC Merge tag 'pm+acpi-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI and power management fixes from Rafael Wysocki: "These are regression fixes (cpufreq, ACPI battery) and fixes for stuff that never worked correctly (ACPI RTC operation region handler and PM domain implementation in the ACPI LPSS driver). Specifics: - Fix for the cpufreq Operation Performance Points (OPP) code where a recent commit added a kcalloc() call with an incorrect ordering of arguments. From Anand Moon. - Reverts of two ACPI battery commits that caused incorrect diagnostic information to be printed to dmesg in some cases from Bjørn Mork. - Fix for the ACPI RTC operation region handler that applied the & operator to an argument already representing an address and that caused it to overwrite its own argument instead of writing to the address contained in it as expected. From Chun-Yi Lee. - Fix for the PM domain implementation in the ACPI LPSS (Low-Power Subsystem) driver where one callback pointer pointed to a wrong routine and one was NULL, but it shouldn't. From Fu Zhonghui" * tag 'pm+acpi-3.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / LPSS: complete PM entries for LPSS power domain Revert "ACPI / battery: fix wrong value of capacity_now reported when fully charged" Revert "ACPI / battery: Fix warning message in acpi_battery_get_state()" ACPI / RTC: Fix CMOS RTC opregion handler accesses to wrong addresses cpufreq / OPP: Fix the order of arguments for kcalloc() 11 September 2014, 19:51:10 UTC
d50582e Stefano Stabellini 10 September 2014, 22:49:48 UTC xen/arm: remove mach_to_phys rbtree Remove the rbtree used to keep track of machine to physical mappings: the frontend can grant the same page multiple times, leading to errors inserting or removing entries from the mach_to_phys tree. Linux only needed to know the physical address corresponding to a given machine address in swiotlb-xen. Now that swiotlb-xen can call the xen_dma_* functions passing the machine address directly, we can remove it. Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Tested-by: Denis Schneider <v1ne2go@gmail.com> 11 September 2014, 18:11:53 UTC
340720b Stefano Stabellini 10 September 2014, 22:49:41 UTC xen/arm: reimplement xen_dma_unmap_page & friends xen_dma_unmap_page, xen_dma_sync_single_for_cpu and xen_dma_sync_single_for_device are currently implemented by calling into the corresponding generic ARM implementation of these functions. In order to do this, firstly the dma_addr_t handle, that on Xen is a machine address, needs to be translated into a physical address. The operation is expensive and inaccurate, given that a single machine address can correspond to multiple physical addresses in one domain, because the same page can be granted multiple times by the frontend. To avoid this problem, we introduce a Xen specific implementation of xen_dma_unmap_page, xen_dma_sync_single_for_cpu and xen_dma_sync_single_for_device, that can operate on machine addresses directly. The new implementation relies on the fact that the hypervisor creates a second p2m mapping of any grant pages at physical address == machine address of the page for dom0. Therefore we can access memory at physical address == dma_addr_r handle and perform the cache flushing there. Some cache maintenance operations require a virtual address. Instead of using ioremap_cache, that is not safe in interrupt context, we allocate a per-cpu PAGE_KERNEL scratch page and we manually update the pte for it. arm64 doesn't need cache maintenance operations on unmap for now. Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Tested-by: Denis Schneider <v1ne2go@gmail.com> 11 September 2014, 18:11:53 UTC
5ebc77d Stefano Stabellini 10 September 2014, 22:49:30 UTC xen/arm: introduce XENFEAT_grant_map_identity The flag tells us that the hypervisor maps a grant page to guest physical address == machine address of the page in addition to the normal grant mapping address. It is needed to properly issue cache maintenance operation at the completion of a DMA operation involving a foreign grant. Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Tested-by: Denis Schneider <v1ne2go@gmail.com> 11 September 2014, 18:11:52 UTC
eb35bdd Will Deacon 11 September 2014, 13:38:16 UTC arm64: flush TLS registers during exec Nathan reports that we leak TLS information from the parent context during an exec, as we don't clear the TLS registers when flushing the thread state. This patch updates the flushing code so that we: (1) Unconditionally zero the tpidr_el0 register (since this is fully context switched for native tasks and zeroed for compat tasks) (2) Zero the tp_value state in thread_info before clearing the tpidrr0_el0 register for compat tasks (since this is only writable by the set_tls compat syscall and therefore not fully switched). A missing compiler barrier is also added to the compat set_tls syscall. Cc: <stable@vger.kernel.org> Acked-by: Nathan Lynch <Nathan_Lynch@mentor.com> Reported-by: Nathan Lynch <Nathan_Lynch@mentor.com> Signed-off-by: Will Deacon <will.deacon@arm.com> 11 September 2014, 17:34:58 UTC
1497e84 Linus Torvalds 11 September 2014, 17:11:29 UTC Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine fixes from Vinod Koul: "Two minor fixes. First one from Kuninori clarifying dmas bindings and second from Lars for fixing dma descriptor completion in non cyclic case" * 'fixes' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: jz4740: Fix non-cyclic descriptor completion dt/bindings: rcar-audmapp: tidyup dmas explanation 11 September 2014, 17:11:29 UTC
8b02c5e Linus Torvalds 11 September 2014, 17:10:04 UTC Merge tag 'pinctrl-v3.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull two pin control fixes from Linus Walleij: - fix a warning about unbalanced IRQs on the Baytrail - update Tomasz Figa's address in MAINTAINERS * tag 'pinctrl-v3.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: MAINTAINERS: Tomasz has moved pinctrl: baytrail: resolve unbalanced IRQ wake disable warning 11 September 2014, 17:10:04 UTC
c8c16e3 Linus Torvalds 11 September 2014, 17:08:36 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input updates from Dmitry Torokhov: "An update to Synaptics PS/2 driver to handle "ForcePads" (currently found in HP EliteBook 1040 laptops), a change for Elan PS/2 driver to detect newer touchpads, bunch of devices get annotated as Trackpoint and/or Pointer to help userspace classify and handle them, plus assorted driver fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: serport - add compat handling for SPIOCSTYPE ioctl Input: atmel_mxt_ts - fix double free of input device Input: synaptics - add support for ForcePads Input: matrix_keypad - use request_any_context_irq() Input: atmel_mxt_ts - downgrade warning about empty interrupts Input: wm971x - fix typo in module parameter description Input: cap1106 - fix register definition Input: add missing POINTER / DIRECT properties to a bunch of drivers Input: add INPUT_PROP_POINTING_STICK property Input: elantech - fix detection of touchpad on ASUS s301l 11 September 2014, 17:08:36 UTC
d2be899 Rafael J. Wysocki 11 September 2014, 13:09:30 UTC Merge branches 'acpi-rtc', 'acpi-lpss' and 'acpi-battery' * acpi-rtc: ACPI / RTC: Fix CMOS RTC opregion handler accesses to wrong addresses * acpi-lpss: ACPI / LPSS: complete PM entries for LPSS power domain * acpi-battery: Revert "ACPI / battery: fix wrong value of capacity_now reported when fully charged" Revert "ACPI / battery: Fix warning message in acpi_battery_get_state()" 11 September 2014, 13:09:30 UTC
1c00f73 Rafael J. Wysocki 11 September 2014, 13:09:05 UTC Merge branch 'pm-cpufreq' * pm-cpufreq: cpufreq / OPP: Fix the order of arguments for kcalloc() 11 September 2014, 13:09:05 UTC
d9f4acd Dave Airlie 11 September 2014, 10:52:43 UTC Merge branch 'msm-fixes-3.17-rc4' of git://people.freedesktop.org/~robclark/linux into drm-fixes A couple more little fixes: 1) fix from llvm/clang folks 2) fix build if common clock framework is not used 3) if vram carveout is used, have default size for vram carveout * 'msm-fixes-3.17-rc4' of git://people.freedesktop.org/~robclark/linux: drm/msm: don't crash if no msm.vram param drm/msm/hdmi: fix build break on non-CCF platforms drm/msm: Change nested function to static function 11 September 2014, 10:52:43 UTC
3a10ba8 Rob Clark 08 September 2014, 18:24:57 UTC drm/msm: don't crash if no msm.vram param If VRAM carveout is used, due to no IOMMU, we should have a default value for msm.vram so that we don't simply crash. Reported-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Signed-off-by: Rob Clark <robdclark@gmail.com> 11 September 2014, 10:49:21 UTC
28a38b6 Rob Clark 02 September 2014, 18:01:55 UTC drm/msm/hdmi: fix build break on non-CCF platforms Reported-by: Russell King <linux@arm.linux.org.uk> Signed-off-by: Rob Clark <robdclark@gmail.com> 11 September 2014, 10:49:20 UTC
fc88610 Mark Charlebois 29 August 2014, 18:05:50 UTC drm/msm: Change nested function to static function There is currently a nested function in Russel King's tree for the msm HDMI driver. The last nested function was removed from the Linux kernel when the Thinkpad driver was fixed. I believe nested functions are not desired upstream, and it also breaks compilation with clang so here is a patch to change the nested function into static function. The patch works with both clang and gcc. Signed-off-by: Mark Charlebois <charlebm@gmail.com> Signed-off-by: Rob Clark <robdclark@gmail.com> 11 September 2014, 10:49:20 UTC
3afdd8a Dave Airlie 11 September 2014, 10:17:10 UTC Merge tag 'drm-intel-fixes-2014-09-10' of git://anongit.freedesktop.org/drm-intel into drm-fixes more fixes for 3.17, almost all Cc: stable material. * tag 'drm-intel-fixes-2014-09-10' of git://anongit.freedesktop.org/drm-intel: drm/i915: Wait for vblank before enabling the TV encoder drm/i915: Evict CS TLBs between batches drm/i915: Fix irq enable tracking in driver load drm/i915: Fix EIO/wedged handling in gem fault handler drm/i915: Prevent recursive deadlock on releasing a busy userptr 11 September 2014, 10:17:10 UTC
69e672f Dave Airlie 11 September 2014, 10:00:38 UTC Merge branch 'drm-fixes-3.17' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Just a few fixes for radeon for 3.17. * 'drm-fixes-3.17' of git://people.freedesktop.org/~agd5f/linux: drm/radeon/dpm: set the thermal type properly for special configs drm/radeon: reduce memory footprint for debugging drm/radeon: add connector quirk for fujitsu board drm/radeon: fix semaphore value init drm/radeon: only use me/pfp sync on evergreen+ 11 September 2014, 10:00:38 UTC
f498e06 Lars-Peter Clausen 07 September 2014, 13:54:39 UTC dmaengine: jz4740: Fix non-cyclic descriptor completion We need to make sure to deqeueue the descriptor from the active list before we call vchan_cookie_complete(). Also we need obviously only set chan->desc to NULL after we stopped using it. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Vinod Koul <vinod.koul@intel.com> 11 September 2014, 05:24:25 UTC
233c7da Ivan T. Ivanov 11 September 2014, 00:19:00 UTC usb: chipidea: msm: Initialize PHY on reset event Initialize USB PHY after every Link controller reset Cc: 3.16+ <stable@vger.kernel.org> Cc: Tim Bird <tbird20d@gmail.com> Signed-off-by: Peter Chen <peter.chen@freescale.com> Signed-off-by: Ivan T. Ivanov <iivanov@mm-sol.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 11 September 2014, 00:30:39 UTC
ea29005 Ivan T. Ivanov 11 September 2014, 00:18:59 UTC usb: chipidea: msm: Use USB PHY API to control PHY state PHY drivers keep track of the current state of the hardware, so don't change PHY settings under it. Cc: 3.16+ <stable@vger.kernel.org> Cc: Tim Bird <tbird20d@gmail.com> Signed-off-by: Peter Chen <peter.chen@freescale.com> Signed-off-by: Ivan T. Ivanov <iivanov@mm-sol.com> Acked-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 11 September 2014, 00:30:39 UTC
584f1ad Linus Torvalds 10 September 2014, 22:42:18 UTC Merge branch 'akpm' (fixes from Andrew Morton) Merge misc fixes from Andrew Morton: "10 fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: fs/notify: don't show f_handle if exportfs_encode_inode_fh failed fsnotify/fdinfo: use named constants instead of hardcoded values kcmp: fix standard comparison bug mm/mmap.c: use pr_emerg when printing BUG related information shm: add memfd.h to UAPI export list checkpatch: allow commit descriptions on separate line from commit id sh: get_user_pages_fast() must flush cache eventpoll: fix uninitialized variable in epoll_ctl kernel/printk/printk.c: fix faulty logic in the case of recursive printk mem-hotplug: let memblock skip the hotpluggable memory regions in __next_mem_range() 10 September 2014, 22:42:18 UTC
7e88248 Andrey Vagin 09 September 2014, 21:51:06 UTC fs/notify: don't show f_handle if exportfs_encode_inode_fh failed Currently we handle only ENOSPC. In case of other errors the file_handle variable isn't filled properly and we will show a part of stack. Signed-off-by: Andrey Vagin <avagin@openvz.org> Acked-by: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
1fc98d1 Andrey Vagin 09 September 2014, 21:51:04 UTC fsnotify/fdinfo: use named constants instead of hardcoded values MAX_HANDLE_SZ is equal to 128, but currently the size of pad is only 64 bytes, so exportfs_encode_inode_fh can return an error. Signed-off-by: Andrey Vagin <avagin@openvz.org> Acked-by: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
acbbe6f Rasmus Villemoes 09 September 2014, 21:51:01 UTC kcmp: fix standard comparison bug The C operator <= defines a perfectly fine total ordering on the set of values representable in a long. However, unlike its namesake in the integers, it is not translation invariant, meaning that we do not have "b <= c" iff "a+b <= a+c" for all a,b,c. This means that it is always wrong to try to boil down the relationship between two longs to a question about the sign of their difference, because the resulting relation [a LEQ b iff a-b <= 0] is neither anti-symmetric or transitive. The former is due to -LONG_MIN==LONG_MIN (take any two a,b with a-b = LONG_MIN; then a LEQ b and b LEQ a, but a != b). The latter can either be seen observing that x LEQ x+1 for all x, implying x LEQ x+1 LEQ x+2 ... LEQ x-1 LEQ x; or more directly with the simple example a=LONG_MIN, b=0, c=1, for which a-b < 0, b-c < 0, but a-c > 0. Note that it makes absolutely no difference that a transmogrying bijection has been applied before the comparison is done. In fact, had the obfuscation not been done, one could probably not observe the bug (assuming all values being compared always lie in one half of the address space, the mathematical value of a-b is always representable in a long). As it stands, one can easily obtain three file descriptors exhibiting the non-transitivity of kcmp(). Side note 1: I can't see that ensuring the MSB of the multiplier is set serves any purpose other than obfuscating the obfuscating code. Side note 2: #include <stdio.h> #include <stdlib.h> #include <string.h> #include <fcntl.h> #include <unistd.h> #include <assert.h> #include <sys/syscall.h> enum kcmp_type { KCMP_FILE, KCMP_VM, KCMP_FILES, KCMP_FS, KCMP_SIGHAND, KCMP_IO, KCMP_SYSVSEM, KCMP_TYPES, }; pid_t pid; int kcmp(pid_t pid1, pid_t pid2, int type, unsigned long idx1, unsigned long idx2) { return syscall(SYS_kcmp, pid1, pid2, type, idx1, idx2); } int cmp_fd(int fd1, int fd2) { int c = kcmp(pid, pid, KCMP_FILE, fd1, fd2); if (c < 0) { perror("kcmp"); exit(1); } assert(0 <= c && c < 3); return c; } int cmp_fdp(const void *a, const void *b) { static const int normalize[] = {0, -1, 1}; return normalize[cmp_fd(*(int*)a, *(int*)b)]; } #define MAX 100 /* This is plenty; I've seen it trigger for MAX==3 */ int main(int argc, char *argv[]) { int r, s, count = 0; int REL[3] = {0,0,0}; int fd[MAX]; pid = getpid(); while (count < MAX) { r = open("/dev/null", O_RDONLY); if (r < 0) break; fd[count++] = r; } printf("opened %d file descriptors\n", count); for (r = 0; r < count; ++r) { for (s = r+1; s < count; ++s) { REL[cmp_fd(fd[r], fd[s])]++; } } printf("== %d\t< %d\t> %d\n", REL[0], REL[1], REL[2]); qsort(fd, count, sizeof(fd[0]), cmp_fdp); memset(REL, 0, sizeof(REL)); for (r = 0; r < count; ++r) { for (s = r+1; s < count; ++s) { REL[cmp_fd(fd[r], fd[s])]++; } } printf("== %d\t< %d\t> %d\n", REL[0], REL[1], REL[2]); return (REL[0] + REL[2] != 0); } Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org> "Eric W. Biederman" <ebiederm@xmission.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
8542bdf Sasha Levin 09 September 2014, 21:50:59 UTC mm/mmap.c: use pr_emerg when printing BUG related information Make sure we actually see the output of validate_mm() and browse_rb() before triggering a BUG(). pr_info isn't shown by default so the reason for the BUG() isn't obvious. Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
b01d072 David Drysdale 09 September 2014, 21:50:57 UTC shm: add memfd.h to UAPI export list The new header file memfd.h from commit 9183df25fe7b ("shm: add memfd_create() syscall") should be exported. Signed-off-by: David Drysdale <drysdale@google.com> Reviewed-by: David Herrmann <dh.herrmann@gmail.com> Cc: Hugh Dickins <hughd@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
6688173 Joe Perches 09 September 2014, 21:50:55 UTC checkpatch: allow commit descriptions on separate line from commit id The general form for commit id and description is 'Commit <12+hexdigits> ("commit description/subject line")' but commit logs often have relatively long commit ids and the commit description emds on the next line like: Some explanation as to why commit <12+hexdigits> ("commit foo description/subject line") is improved. Allow this form. Signed-off-by: Joe Perches <joe@perches.com> Suggested-by: Joe Lawrence <joe.lawrence@stratus.com> Tested-by: Joe Lawrence <joe.lawrence@stratus.com> Suggested-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
caac7e6 Stas Sergeev 09 September 2014, 21:50:53 UTC sh: get_user_pages_fast() must flush cache This patch avoids fuse hangs on sh4 by flushing the cache on get_user_pages_fast(). This is not necessary a good thing to do, but get_user_pages() does this, so get_user_pages_fast() should too. Please note the patch for mips arch that addresses the similar problem: https://kernel.googlesource.com/pub/scm/linux/kernel/git/ralf/linux/+/linux-3.4.50%5E!/#F0 They basically simply disable get_user_pages_fast() at all, using a fall-back to get_user_pages(). But my fix is different, it adds an explicit cache flushes. Signed-off-by: Stas Sergeev <stsp@users.sourceforge.net> Cc: Geert Uytterhoeven <geert+renesas@glider.be> Cc: Kamal Dasu <kdasu.kdev@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
c680e41 Nicolas Iooss 09 September 2014, 21:50:51 UTC eventpoll: fix uninitialized variable in epoll_ctl When calling epoll_ctl with operation EPOLL_CTL_DEL, structure epds is not initialized but ep_take_care_of_epollwakeup reads its event field. When this unintialized field has EPOLLWAKEUP bit set, a capability check is done for CAP_BLOCK_SUSPEND in ep_take_care_of_epollwakeup. This produces unexpected messages in the audit log, such as (on a system running SELinux): type=AVC msg=audit(1408212798.866:410): avc: denied { block_suspend } for pid=7754 comm="dbus-daemon" capability=36 scontext=unconfined_u:unconfined_r:unconfined_t tcontext=unconfined_u:unconfined_r:unconfined_t tclass=capability2 permissive=1 type=SYSCALL msg=audit(1408212798.866:410): arch=c000003e syscall=233 success=yes exit=0 a0=3 a1=2 a2=9 a3=7fffd4d66ec0 items=0 ppid=1 pid=7754 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="dbus-daemon" exe="/usr/bin/dbus-daemon" subj=unconfined_u:unconfined_r:unconfined_t key=(null) ("arch=c000003e syscall=233 a1=2" means "epoll_ctl(op=EPOLL_CTL_DEL)") Remove use of epds in epoll_ctl when op == EPOLL_CTL_DEL. Fixes: 4d7e30d98939 ("epoll: Add a flag, EPOLLWAKEUP, to prevent suspend while epoll events are ready") Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Arve Hjønnevåg <arve@android.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
000a7d6 Patrick Palka 09 September 2014, 21:50:48 UTC kernel/printk/printk.c: fix faulty logic in the case of recursive printk We shouldn't set text_len in the code path that detects printk recursion because text_len corresponds to the length of the string inside textbuf. A few lines down from the line text_len = strlen(recursion_msg); is the line text_len += vscnprintf(text + text_len, ...); So if printk detects recursion, it sets text_len to 29 (the length of recursion_msg) and logs an error. Then the message supplied by the caller of printk is stored inside textbuf but offset by 29 bytes. This means that the output of the recursive call to printk will contain 29 bytes of garbage in front of it. This defect is caused by commit 458df9fd4815 ("printk: remove separate printk_sched buffers and use printk buf instead") which turned the line text_len = vscnprintf(text, ...); into text_len += vscnprintf(text + text_len, ...); To fix this, this patch avoids setting text_len when logging the printk recursion error. This patch also marks unlikely() the branch leading up to this code. Fixes: 458df9fd4815b478 ("printk: remove separate printk_sched buffers and use printk buf instead") Signed-off-by: Patrick Palka <patrick@parcs.ath.cx> Reviewed-by: Petr Mladek <pmladek@suse.cz> Reviewed-by: Jan Kara <jack@suse.cz> Acked-by: Steven Rostedt <rostedt@goodmis.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
0a313a9 Xishi Qiu 09 September 2014, 21:50:46 UTC mem-hotplug: let memblock skip the hotpluggable memory regions in __next_mem_range() Let memblock skip the hotpluggable memory regions in __next_mem_range(), it is used to to prevent memblock from allocating hotpluggable memory for the kernel at early time. The code is the same as __next_mem_range_rev(). Clear hotpluggable flag before releasing free pages to the buddy allocator. If we don't clear hotpluggable flag in free_low_memory_core_early(), the memory which marked hotpluggable flag will not free to buddy allocator. Because __next_mem_range() will skip them. free_low_memory_core_early for_each_free_mem_range for_each_mem_range __next_mem_range [akpm@linux-foundation.org: fix warning] Signed-off-by: Xishi Qiu <qiuxishi@huawei.com> Cc: Tejun Heo <tj@kernel.org> Cc: Tang Chen <tangchen@cn.fujitsu.com> Cc: Zhang Yanfei <zhangyanfei@cn.fujitsu.com> Cc: Wen Congyang <wency@cn.fujitsu.com> Cc: "Rafael J. Wysocki" <rjw@sisk.pl> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 10 September 2014, 22:42:12 UTC
7ec62d4 Linus Torvalds 10 September 2014, 21:04:17 UTC Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull UDF fixes from Jan Kara: "Fixes for UDF handling of NFS handles and one fix for proper handling of corrupted media" * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: udf: saner calling conventions for udf_new_inode() udf: fix the udf_iget() vs. udf_new_inode() races udf: merge the pieces inserting a new non-directory object into directory udf: Set i_generation field udf: Properly detect stale inodes udf: Make udf_read_inode() and udf_iget() return error udf: Avoid infinite loop when processing indirect ICBs udf: Fold udf_fill_inode() into __udf_read_inode() udf: Avoid dir link count to go negative 10 September 2014, 21:04:17 UTC
c605f3c Joe Lawrence 10 September 2014, 19:07:50 UTC usb: hub: take hub->hdev reference when processing from eventlist During surprise device hotplug removal tests, it was observed that hub_events may try to call usb_lock_device on a device that has already been freed. Protect the usb_device by taking out a reference (under the hub_event_lock) when hub_events pulls it off the list, returning the reference after hub_events is finished using it. Signed-off-by: Joe Lawrence <joe.lawrence@stratus.com> Suggested-by: David Bulkow <david.bulkow@stratus.com> for using kref Suggested-by: Alan Stern <stern@rowland.harvard.edu> for placement Acked-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 10 September 2014, 20:32:35 UTC
a9c54ca Hans de Goede 10 September 2014, 08:51:36 UTC uas: Disable uas on ASM1051 devices There are a large numbers of issues with ASM1051 devices in uas mode: 1) They do not support REPORT SUPPORTED OPERATION CODES 2) They use out of spec 8 byte status iu-s when they have no sense data, switching to normal 16 byte status iu-s when they do have sense data. 3) They hang / crash when combined with some disks, e.g. a Crucial M500 ssd. 4) They hang / crash when stressed (through e.g. sg_reset --bus) with disks with which then normally do work (once 1 & 2 are worked around). Where as in BOT mode they appear to work fine, so the best way forward with these devices is to just blacklist them for uas usage. Unfortunately this is easier said then done. as older versions of the ASM1053 (which works fine) use the same usb-id as the ASM1051. When connected over USB-3 the 2 can be told apart by the number of streams they support. So this patch adds some less then pretty code to disable uas for the ASM1051. When connected over USB-2, simply disable uas alltogether for devices with the shared usb-id. Cc: stable@vger.kernel.org # 3.16 Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 10 September 2014, 20:32:35 UTC
224ecbf Weston Andros Adamson 09 September 2014, 21:51:47 UTC pnfs: fix filelayout_retry_commit when idx > 0 filelayout_retry_commit was recently split out from alloc_ds_commits, but was done in such a way that the bucket pointer always starts at index 0 no matter what the @idx argument is set to. The intention of the @idx argument is to retry commits starting at bucket @idx. This is called when alloc_ds_commits fails for a bucket. Signed-off-by: Weston Andros Adamson <dros@primarydata.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> 10 September 2014, 19:43:45 UTC
a80d8b0 John Sung 09 September 2014, 17:06:51 UTC Input: serport - add compat handling for SPIOCSTYPE ioctl When running a 32-bit inputattach utility in a 64-bit system, there will be error code "inputattach: can't set device type". This is caused by the serport device driver not supporting compat_ioctl, so that SPIOCSTYPE ioctl fails. Cc: stable@vger.kernel.org Signed-off-by: John Sung <penmount.touch@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 10 September 2014, 17:27:42 UTC
58e4aee Stephen Warren 10 September 2014, 17:01:10 UTC Input: atmel_mxt_ts - fix double free of input device [Nick Dyer: reworked to move free of input device into separate function and only call in paths that require it.] Signed-off-by: Nick Dyer <nick.dyer@itdev.co.uk> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 10 September 2014, 17:27:31 UTC
c27a3e4 Ilya Dryomov 09 September 2014, 15:39:15 UTC libceph: do not hard code max auth ticket len We hard code cephx auth ticket buffer size to 256 bytes. This isn't enough for any moderate setups and, in case tickets themselves are not encrypted, leads to buffer overflows (ceph_x_decrypt() errors out, but ceph_decode_copy() doesn't - it's just a memcpy() wrapper). Since the buffer is allocated dynamically anyway, allocated it a bit later, at the point where we know how much is going to be needed. Fixes: http://tracker.ceph.com/issues/8979 Cc: stable@vger.kernel.org Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com> Reviewed-by: Sage Weil <sage@redhat.com> 10 September 2014, 16:08:36 UTC
597cda3 Ilya Dryomov 08 September 2014, 13:25:34 UTC libceph: add process_one_ticket() helper Add a helper for processing individual cephx auth tickets. Needed for the next commit, which deals with allocating ticket buffers. (Most of the diff here is whitespace - view with git diff -b). Cc: stable@vger.kernel.org Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com> Reviewed-by: Sage Weil <sage@redhat.com> 10 September 2014, 16:08:35 UTC
73c3d48 Sage Weil 04 August 2014, 14:01:54 UTC libceph: gracefully handle large reply messages from the mon We preallocate a few of the message types we get back from the mon. If we get a larger message than we are expecting, fall back to trying to allocate a new one instead of blindly using the one we have. CC: stable@vger.kernel.org Signed-off-by: Sage Weil <sage@redhat.com> Reviewed-by: Ilya Dryomov <ilya.dryomov@inktank.com> 10 September 2014, 16:08:32 UTC
40aa978 Anssi Hannula 05 September 2014, 00:11:28 UTC dm cache: fix race causing dirty blocks to be marked as clean When a writeback or a promotion of a block is completed, the cell of that block is removed from the prison, the block is marked as clean, and the clear_dirty() callback of the cache policy is called. Unfortunately, performing those actions in this order allows an incoming new write bio for that block to come in before clearing the dirty status is completed and therefore possibly causing one of these two scenarios: Scenario A: Thread 1 Thread 2 cell_defer() . - cell removed from prison . - detained bios queued . . incoming write bio . remapped to cache . set_dirty() called, . but block already dirty . => it does nothing clear_dirty() . - block marked clean . - policy clear_dirty() called . Result: Block is marked clean even though it is actually dirty. No writeback will occur. Scenario B: Thread 1 Thread 2 cell_defer() . - cell removed from prison . - detained bios queued . clear_dirty() . - block marked clean . . incoming write bio . remapped to cache . set_dirty() called . - block marked dirty . - policy set_dirty() called - policy clear_dirty() called . Result: Block is properly marked as dirty, but policy thinks it is clean and therefore never asks us to writeback it. This case is visible in "dmsetup status" dirty block count (which normally decreases to 0 on a quiet device). Fix these issues by calling clear_dirty() before calling cell_defer(). Incoming bios for that block will then be detained in the cell and released only after clear_dirty() has completed, so the race will not occur. Found by inspecting the code after noticing spurious dirty counts (scenario B). Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi> Acked-by: Joe Thornber <ejt@redhat.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com> Cc: stable@vger.kernel.org 10 September 2014, 15:20:47 UTC
a516440 Jens Axboe 10 September 2014, 15:02:03 UTC blk-mq: scale depth and rq map appropriate if low on memory If we are running in a kdump environment, resources are scarce. For some SCSI setups with a huge set of shared tags, we run out of memory allocating what the drivers is asking for. So implement a scale back logic to reduce the tag depth for those cases, allowing the driver to successfully load. We should extend this to detect low memory situations, and implement a sane fallback for those (1 queue, 64 tags, or something like that). Tested-by: Robert Elliott <elliott@hp.com> Signed-off-by: Jens Axboe <axboe@fb.com> 10 September 2014, 15:02:03 UTC
0b5a506 Stefan Bader 02 September 2014, 10:16:01 UTC x86/xen: don't copy bogus duplicate entries into kernel page tables When RANDOMIZE_BASE (KASLR) is enabled; or the sum of all loaded modules exceeds 512 MiB, then loading modules fails with a warning (and hence a vmalloc allocation failure) because the PTEs for the newly-allocated vmalloc address space are not zero. WARNING: CPU: 0 PID: 494 at linux/mm/vmalloc.c:128 vmap_page_range_noflush+0x2a1/0x360() This is caused by xen_setup_kernel_pagetables() copying level2_kernel_pgt into level2_fixmap_pgt, overwriting many non-present entries. Without KASLR, the normal kernel image size only covers the first half of level2_kernel_pgt and module space starts after that. L4[511]->level3_kernel_pgt[510]->level2_kernel_pgt[ 0..255]->kernel [256..511]->module [511]->level2_fixmap_pgt[ 0..505]->module This allows 512 MiB of of module vmalloc space to be used before having to use the corrupted level2_fixmap_pgt entries. With KASLR enabled, the kernel image uses the full PUD range of 1G and module space starts in the level2_fixmap_pgt. So basically: L4[511]->level3_kernel_pgt[510]->level2_kernel_pgt[0..511]->kernel [511]->level2_fixmap_pgt[0..505]->module And now no module vmalloc space can be used without using the corrupt level2_fixmap_pgt entries. Fix this by properly converting the level2_fixmap_pgt entries to MFNs, and setting level1_fixmap_pgt as read-only. A number of comments were also using the the wrong L3 offset for level2_kernel_pgt. These have been corrected. Signed-off-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: David Vrabel <david.vrabel@citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: stable@vger.kernel.org 10 September 2014, 14:23:42 UTC
fea685e Tomasz Figa 26 August 2014, 14:30:53 UTC MAINTAINERS: Tomasz has moved I am leaving Samsung, so my current e-mail address is not going to work any longer. Replace it with my private one. In addition, Sylwester Nawrocki is being added as co-maintainer for Samsung clock drivers to take some of the responsibilities, as I will be doing my part in my spare time. Signed-off-by: Tomasz Figa <t.figa@samsung.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> 10 September 2014, 12:25:51 UTC
41939e6 Mathias Nyman 11 August 2014, 13:51:55 UTC pinctrl: baytrail: resolve unbalanced IRQ wake disable warning Add the IRQCHIP_SKIP_SET_WAKE flag to baytrail gpio irq_chip to resolve unbalaced IRQ wake disable warnings. Suggested-by: Borun Fu <borun.fu@intel.com> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> 10 September 2014, 12:25:51 UTC
255939e Wei Yongjun 14 August 2014, 03:49:52 UTC rbd: fix error return code in rbd_dev_device_setup() Fix to return -ENOMEM from the workqueue alloc error handling case instead of 0, as done elsewhere in this function. Reviewed-by: Alex Elder <elder@linaro.org> Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> 10 September 2014, 07:59:06 UTC
58d1362 Ilya Dryomov 12 August 2014, 07:22:07 UTC rbd: avoid format-security warning inside alloc_workqueue() drivers/block/rbd.c: In function ‘rbd_dev_device_setup’: drivers/block/rbd.c:5090:19: warning: format not a string literal and no format arguments [-Wformat-security] Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com> 10 September 2014, 07:59:06 UTC
e874a5f Linus Torvalds 10 September 2014, 00:00:43 UTC Merge branch 'for-next-3.17' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs/smb3 fixes from Steve French: "This includes various cifs and smb3 bug fixes including those for bugs found with the recently updated xfstests. Also I am working fixes for two additional cifs problems found by xfstests which I plan to send later (when reviewed and run additional tests)" * 'for-next-3.17' of git://git.samba.org/sfrench/cifs-2.6: Clarify Kconfig help text for CIFS and SMB2/SMB3 CIFS: Fix wrong filename length for SMB2 CIFS: Fix wrong restart readdir for SMB1 CIFS: Fix directory rename error cifs: No need to send SIGKILL to demux_thread during umount cifs: Allow directIO read/write during cache=strict cifs: remove unneeded check of null checking in if condition cifs: fix a possible use of uninit variable in SMB2_sess_setup cifs: fix memory leak when password is supplied multiple times cifs: fix a possible null pointer deref in decode_ascii_ssetup Trivial whitespace fix 10 September 2014, 00:00:43 UTC
5715fc7 Dmitry Torokhov 30 August 2014, 20:51:06 UTC Input: synaptics - add support for ForcePads ForcePads are found on HP EliteBook 1040 laptops. They lack any kind of physical buttons, instead they generate primary button click when user presses somewhat hard on the surface of the touchpad. Unfortunately they also report primary button click whenever there are 2 or more contacts on the pad, messing up all multi-finger gestures (2-finger scrolling, multi-finger tapping, etc). To cope with this behavior we introduce a delay (currently 50 msecs) in reporting primary press in case more contacts appear. Cc: stable@vger.kernel.org Reviewed-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 09 September 2014, 23:52:28 UTC
back to top